Hello, welcome to the Tuesday, June 23rd, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Orich, and the day I'm recording from Jacksonville, Florida.

DDA today has a nice introduction to Winmerch and, well, for a change, no, it's not a Python script.

It's actually GUI software that runs on Windows and allows you to easily compare to office documents.

Well, you may say, Word has a feature where I can compare to documents and look at what was edited, that's not what Winmerge is about.

It actually compares the internal XML structure of the documents, metadata, and the like.

So a lot more thorough than just comparing like what the text may have changed between two

documents.

Where it is make them in handy, for example, is quite often we see with spearfishing

attacks where an attacker uses an existing document that someone has published, for example,

on their website, and then add some malicious payload to it.

Of course, with Winmerge, if you do have that

original document available, it may be really easy to then pull out what is the malicious

component that the attacker added. On patched Tuesday two weeks ago, I was a little bit surprised

that my Mac never prompted me for any of the Microsoft Office updates.

And I didn't really pay too much attention, I have to admit, but it turns out that Microsoft was a little bit late in actually releasing the updates for Microsoft Office on the Mac.

They now, and actually last week they did that, but still delayed, have released updates

for four vulnerabilities in Microsoft Office for the Mac. Three of these vulnerabilities can

actually lead to remote code execution.

So definitely make sure you apply them.

Also, while we're talking about the Mac, VMware also has released an update for

VMware Tools for Mac OS.

...